Jeff Rigby wrote:
> Been at this for a few hours to no avail so I thought I'd turn to the
> collective genius of this list.
> I'm trying to block all connections to anything but images, text,
> javascript, and CSS. I would like to reply with a 404 error. My server is
> set up in Accel mode. Even blocking only text/html should be sufficient for
> what I need.
> I've tried many variations of the following but nothing seems to take. It
> serves text/html just fine. I've tried:
> acl allowext url_regex -i \.jpg$ \.png$ \.gif$ \.css$ \.js$
> http_access allow !allowext
> http_access deny !allowext

Is this an accurate copy of what you put in your config? This would (in
absence of any other ACLs) not block anything. First you allow
requests that DON'T match your regular expressions, and then you deny
any that DON'T match your regular expressions that haven't already been
allowed. The "http_access deny !allowext" will never match. Remove
the ! from the http_access allow line, and this should do just what
you want.

> AND
> acl blockmimeq req_mime_type -i ^text/html$
> acl blockmimep rep_mime_type -i ^text/html$
> http_access deny blockmimeq
> http_reply_access deny blockmimep

Here you are blocking requests with a "text/html" Mime-Type, and replies
with the same type.

> with many variations/combos of those. Still no luck.
> Here's my latest ACL in my config (not working)
> # Basic ACLs
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl mydomain dstdomain .domain.com .static.com localhost
> acl localnet src 10.0.0.0/16
> acl Safe_ports port 80 # http
> acl purge method PURGE
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access allow mydomain

Ah. Squid processes http_access rules on a first-match basis. Put your
http_access deny lines above this http_access allow.

> #mime-types
> acl blockmimeq req_mime_type -i ^text/html$
> acl blockmimep rep_mime_type -i ^text/html$
> http_access deny blockmimeq
> http_reply_access deny blockmimep
> http_access deny all
> icp_access allow localnet
> icp_access deny all
> Any ideas?
> Jeff

Chris
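
The two rule-ordering points in the reply above, as an added example that is not part of the original thread: a small Python model of Squid's first-match http_access evaluation, run against the rule lists as posted and as corrected. The ACL names come from the thread; the evaluator, the simplified ACL matchers, the sample requests, and the use of the allowext deny line in place of the mime-type deny for the ordering case are assumptions made for illustration.

```python
import re

# ACL names come from the thread; the matchers are simplified stand-ins (assumption).
ALLOWEXT = re.compile(r"\.jpg$|\.png$|\.gif$|\.css$|\.js$", re.I)
ACLS = {
    "allowext": lambda req: bool(ALLOWEXT.search(req["url"])),
    "mydomain": lambda req: req["host"] == "domain.com"
    or req["host"].endswith(".domain.com"),
    "all": lambda req: True,
}


def evaluate(rules, req):
    """Return (action, deciding_line) using first-match http_access semantics."""
    for line in rules:
        action, *terms = line.split()
        # A line matches only if every ACL on it matches ("!" negates one ACL).
        if all(ACLS[t.lstrip("!")](req) != t.startswith("!") for t in terms):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    last_action = rules[-1].split()[0]
    return ("allow" if last_action == "deny" else "deny"), "(default)"


# Constructed sample requests.
HTML = {"host": "www.domain.com", "url": "http://www.domain.com/index.html"}
IMAGE = {"host": "www.domain.com", "url": "http://www.domain.com/logo.PNG"}

AS_POSTED = ["allow !allowext", "deny !allowext"]      # first snippet in the thread
CORRECTED = ["allow allowext", "deny !allowext"]       # "!" removed from the allow line
ALLOW_FIRST = ["allow mydomain", "deny !allowext", "deny all"]  # deny placed too late
DENY_FIRST = ["deny !allowext", "allow mydomain", "deny all"]   # deny moved above allow

if __name__ == "__main__":
    cases = [("as posted", AS_POSTED), ("corrected", CORRECTED),
             ("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)]
    for name, rules in cases:
        for label, req in [("html", HTML), ("image", IMAGE)]:
            print(f"{name:12} {label:6} -> {evaluate(rules, req)}")
```

In the as-posted list the image request matches neither line and falls through to the default, which is the opposite of the final deny, so nothing is ever blocked.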